qihaiyan commented on code in PR #9028:
URL: https://github.com/apache/apisix/pull/9028#discussion_r1128071257
##########
apisix/plugins/cors.lua:
##########
@@ -297,12 +297,15 @@ end
function _M.header_filter(conf, ctx)
local req_origin = ctx.original_request_origin
- -- Try allow_origins first, if mismatched, try allow_origins_by_regex.
+ -- If allow_origins_by_regex is not nil, should be considered to
allow_origins_by_regex only
local allow_origins
- allow_origins = process_with_allow_origins(conf.allow_origins, ctx,
req_origin)
- if not match_origins(req_origin, allow_origins) then
- allow_origins = process_with_allow_origins_by_regex(conf, ctx,
req_origin)
+ allow_origins = process_with_allow_origins_by_regex(conf, ctx, req_origin)
+ if not match_origins(req_origin, allow_origins) and
conf.allow_origins_by_regex == nil then
Review Comment:
With cors plugin's default config, when a request doesn't have a origin
header, the match_origins method will return true, then the following
process_with_allow_origins method won't be executed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
